DaemonForums  

26th May 2021
J65nko
Administrator
 
Vulnerability in VMware product has severity rating of 9.8 out of 10

From https://arstechnica.com/gadgets/2021...9-8-out-of-10/

Quote:
A VMware advisory said that vCenter machines using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are reachable on a port that is exposed to the Internet. The vulnerability is tracked as CVE-2021-21985 and has a severity score of 9.8 out of 10.

“The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server,” Tuesday’s advisory stated. “VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8... A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump